Tuesday, April 29, 2008

Linux From Scratch Results

FAIL. It's a common theme with my attempts to compile almost anything more than a basic app. I made it quite far but who knows where I went wrong. The problem really is that I have no way to know if everything compiled correctly.

This time round I feel that I have managed to do all the compilation right but failed somewhere in the configuration steps right at the end.

Oh well. The partition I used has once again been cleaned out in anticipation of the next big project.

In all it took two evenings to compile everything. Not bad compared to my last attempt on my old computer which took a whole week of evenings. Go DUAL CORE CPU and 2 Gb Ram!!!

Linux From Scratch ( LFS ) - An experience!!!

I have toyed with LFS before, but never on a system where I had any real chance of it actually working. I am now currently half way through chapter 5 of the book. This is the chapter where one compiles ( from source ) all the necessary components so that one might compile the actual components.

This process of building a toolchain on the target system is supposed to provide for a fully optimised Linux. The source code used is all released under the GNU license so it's a completely free operating system.

There is no real reason for going through this ultimately very boring and laborious exercise other than to say, "Yes - I too have toyed with and successfully built my own Operating system from source code downloaded off the internet."

You can download the binary LFS, or buy a CD with a fancy installer. LFS is a book with instructions on how to build an OS. The best way to read it is, of course, online so that the commands which are all nicely laid out in boxes with a grey background can be copy / pasted into your bash prompt. One after the other. While the compilation actually happens, it's well worth reading the details found on each page. They are very useful if you want to gain a deeper understanding of the internals of a Linux OS.

Linux From Scratch can be found here.

Sunday, April 27, 2008

Website hacked

My website was hacked and made into a phishing site. Some kind of issue with cross site ajax blah blah. What is a bit unhelpful is that there was no real information regarding this kind of hack ( I mean specifically ) that would help me to fix it.

Anyway - The only thing I did find was that I should lock down the file permissions on the web server. I found all these renamed directories and one that didn't belong there at all. The lesson learned here is that even if you make a mistake with file permissions thus leaving your web services and sites open to attack, you should make a point of knowing all the files and folders so that you can spot an anomaly and fix it.

Of course this doesn't mean that all attacks of this nature rename your folders and files. They may simply change the content so the result is still a compromised website.

I guess, a preemptive move i.e. correctly setting up the website and server, is the best defense. After that be aware of strange things. I received a bunch of emails from odd people claiming that my site was a phishing site. My first response was to bin them thinking they were themselves dodgy. They were, but it did ring alarm bells because my site is not configured for comments. There is only one form that would send me emails and that is the contact us form.

So there you go. Anomalies and irregularities and file permissions etc, are all important.

********************* NOTE **************************
I received a phone call today from my webhost on the above issue. They suggested I reset my host account password. I asked them to do it because I could not gain access through to the site from behind my office firewall.

If ever your site is compromised an immediate reset of all your passwords is critical.
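
One way to "know all the files and folders" in practice is to record a manifest of the web root while it is known to be good and compare against it later. This is an added example, not part of the original post; it assumes GNU find, stat and sha256sum, and the paths in the usage comment are placeholders.

```sh
#!/bin/sh
# Added example: baseline a web root and report drift.

# snapshot DIR -> one line per entry: "<type> <octal mode> <sha256 or -> <path>"
snapshot() {
    ( cd "$1" || exit 1
      find . -mindepth 1 \( -type f -o -type d \) -print | LC_ALL=C sort |
      while IFS= read -r p; do
          mode=$(stat -c %a "$p")
          if [ -d "$p" ]; then
              printf 'd %s - %s\n' "$mode" "$p"
          else
              printf 'f %s %s %s\n' "$mode" "$(sha256sum < "$p" | cut -d' ' -f1)" "$p"
          fi
      done )
}

# drift MANIFEST DIR -> ADDED / REMOVED / CHANGED / MODE lines, empty when nothing moved.
# A renamed directory shows up as REMOVED (old name) plus ADDED (new name).
drift() {
    snapshot "$2" | awk -v base="$1" '
        function path(line) { sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", line); return line }
        BEGIN {
            while ((getline line < base) > 0) {
                split(line, f, " "); p = path(line)
                mode[p] = f[2]; sum[p] = f[3]
            }
        }
        {
            p = path($0); seen[p] = 1
            if (!(p in mode)) { print "ADDED " p; next }
            if (sum[p] != $3)  print "CHANGED " p
            if (mode[p] != $2) print "MODE " p " " mode[p] " -> " $2
        }
        END { for (p in mode) if (!(p in seen)) print "REMOVED " p }
    ' | LC_ALL=C sort
}

# Usage (paths are placeholders):
#   snapshot /var/www/html > /root/webroot.manifest   # once, on a known-good site
#   drift /root/webroot.manifest /var/www/html        # from cron; any output is an anomaly
```

Keep the manifest somewhere the web server account cannot write to, otherwise whoever changes the site can also rewrite the baseline.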

Thursday, April 24, 2008

Tiny MCE

A couple of days ago, I started preparing for the long and arduous journey where I would teach myself how to integrate a TinyMCE rich text editor on a web page.
Here is how it went:
  1. Downloaded the source - This is always my first step. Get the source. Nothing to do without the source.
  2. Read the readme page which was really just a bunch of examples with the code all nicely rendered on the pages.
  3. Tried it out. Easy peazy!!!
  4. Went to bed - feeling VERY HAPPY with myself.
Getting a TinyMCE rich text editor set up is so easy that it's a wonder we don't see it even more often on websites. I know that every wordpress site and most CMS sites have it by default but a lot don't.

So just:
  1. upload the javascript files to your webhost.
  2. Add the tags to the head section of your site that identifies the source. ( see example below )
  3. Add a small bit of JS to set up the editor.
  4. Add a <textarea> </textarea> on your form.
  5. Done.

<script type='text/javascript' src='lib/javascript/tiny_mce/tiny_mce.js'></script>
<script type='text/javascript'>
tinyMCE.init({
mode : 'textareas',
theme : 'advanced',
theme_advanced_buttons1 : 'bold,italic,underline,separator,strikethrough,justifyleft,justifycenter,justifyright, justifyfull,bullist,numlist,undo,redo',
theme_advanced_buttons2 : '',
theme_advanced_buttons3 : '',
theme_advanced_toolbar_location : 'top',
theme_advanced_toolbar_align : 'left',
theme_advanced_statusbar_location : 'bottom',
extended_valid_elements : 'a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]'
});
</script>

Saturday, April 19, 2008

Qemu networking part 3

Finally I have worked out how to network multiple guests together. It's done through a socket interface. The first guest listens and the others connect. I haven't tried with more than two guests at this stage but it did work.

Add the following net switches to the startup command.

Start the first guest:
-net nic,macaddr=52:54:00:12:34:56 -net tap,vlan=0 -net socket,listen=:1234

Start the second guest:
-net nic,macaddr=52:54:00:12:34:57 -net tap,vlan=0 -net socket,connect=localhost:1234

And that's it then. Time to start playing with domain controllers et al.

Wednesday, April 16, 2008

Qemu networking

I have been fretting over this issue for a while now. Have finally worked out how to give qemu a network connection that joins with a bridge and thereby a connection to the host.

Qemu can create a tap interface that does all this magic networky stuff. It does work... :)

Write 2 network scripts as below: ( don't forget the chmod +x on each file. )

[root@sitedesign ~]# cat /etc/qemu-ifdown
#!/bin/sh
/sbin/ifconfig virbr0 down
/sbin/ifconfig $1 down
/sbin/ifup eth0

[root@sitedesign ~]# cat /etc/qemu-ifup
#!/bin/sh
/sbin/ifconfig $1 0.0.0.0 promisc up
/usr/sbin/brctl addif virbr0 $1

Then to start the VM:

as root:
#~> qemu-kvm -net nic,vlan=0 -net tap,vlan=0 -hda winxp.img -hdb winxp_disk2.img -usb -usbdevice tablet -localtime -daemonize


That should start you up with a connection to the default virbr that gets made by fedora at boot time.

Tuesday, April 15, 2008

Configure Apache for public_html

Apache can be configured to use a folder ( usually public_html ) in any user's home directory. This is relatively straightforward if you don't mind editing the httpd.conf file and changing a few file permissions...
A complete guide can be found here.
Step 1 - Change httpd.conf
In fedora and red-hat the correct configuration is already there. It's just commented out.
#> vim /etc/httpd/conf/httpd.conf
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#

#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disable

#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
UserDir public_html


Step 2 - Reload the httpd.conf
#>service httpd reload
Step 3 - Ensure that selinux is enabled for user_dir
#> setsebool httpd_enable_homedirs true

Step 4 - Ensure the correct access permissions are set on the home directory
As normal user in home directory
~> chmod a+x ~
Step 5 - Create the public_html directory
~> mkdir public_html
Step 6 - Set the selinux type label for public_html
~> chcon -t httpd_sys_content_t public_html
Step 7 - Create a web page or php script in your public_html folder and browse to it by:
http://localhost/~david/phpinfo.php

All Done!
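
The httpd.conf comment above asks for 711 on the home directory, 755 on public_html and world-readable documents. The following check of a finished setup is an added example, not part of the original guide; it assumes GNU find and stat, the finding labels are made up for this example, and the SELinux part only runs where selinuxenabled and getsebool are installed.

```sh
#!/bin/sh
# Added example: audit one user's UserDir setup against the modes quoted
# in the httpd.conf comment. Prints one finding per line, returns 1 if any.
audit_userdir() {
    home=$1
    pub=$home/public_html
    [ -d "$pub" ] || { echo "MISSING $pub"; return 1; }
    findings=$(
        # ~user must be traversable by the httpd user (o+x), otherwise 403
        find "$home" -maxdepth 0 ! -perm -001 -printf 'NOT_TRAVERSABLE %p\n'
        # ...but 711 means others cannot list or write the home directory
        find "$home" -maxdepth 0 -perm /006 -printf 'HOME_TOO_OPEN %p\n'
        # every directory under public_html needs o+rx, every file o+r
        find "$pub" -type d ! -perm -005 -printf 'DIR_NOT_SERVABLE %p\n'
        find "$pub" -type f ! -perm -004 -printf 'FILE_NOT_READABLE %p\n'
        # group- or world-writable content can be replaced by other accounts
        find "$pub" ! -type l -perm /022 -printf 'WRITABLE_BY_OTHERS %p\n'
        # SELinux: the boolean from step 3 and the type label from step 6
        if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
            getsebool httpd_enable_homedirs | grep -q -- '--> on$' ||
                echo 'SEBOOL_OFF httpd_enable_homedirs'
            case $(stat -c %C "$pub") in
                *:httpd_*_content_t*) ;;
                *) echo "SELINUX_LABEL $pub" ;;
            esac
        fi
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Usage: audit_userdir /home/david
```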

Sunday, April 13, 2008

qemu networking fedora 8

Copy the following two files into /etc/

/etc/qemu-ifup

#!/bin/sh
# qemu-ifup
# script to bring up the tun device in QEMU in bridged mode
#
# This script bridges eth0 and tap0. First take eth0 down, then bring it up with IP 0.0.0.0
# if you do not use eth0 as the primary, change it to your interface name
ETHX=eth0
/sbin/ifdown ${ETHX}
/sbin/ifconfig ${ETHX} 0.0.0.0 up
#
# Bring up tap0 with IP 0.0.0.0, create bridge br0 and add interfaces ${ETHX} and tap0
#
/sbin/ifconfig tap0 0.0.0.0 promisc up
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 ${ETHX}
/usr/sbin/brctl addif br0 tap0
#
# As we have only a single bridge and loops are not possible, turn spanning tree protocol off
#
/usr/sbin/brctl stp br0 off
#
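# Bring up the bridge with a static IP and add the default route
# Change this to your static IP if you want the linux OS to route when the Guest OS is bridged in
/sbin/ifconfig br0 10.160.221.163 up
# The original line passed the netmask 255.255.255.0 as the gateway, which cannot work.
# GATEWAY must be set to your router's address; the script stops here if it is not.
/sbin/route add default gw "${GATEWAY:?set GATEWAY to your default gateway address}"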
#stop firewalls
/sbin/service iptables stop

/etc/qemu-ifdown

#!/bin/sh
# qemu-ifdown
# Script to bring down and delete bridge br0 when QEMU exits
#
# Bring down eth0 and br0
# then run the eth0 up script which should restart the firestarter firewall and reconfig the normal ip onto eth0
# if you do not use eth0 as the primary, change it to your interface name
ETHX=eth0
/sbin/ifdown ${ETHX}
/sbin/ifdown br0
/sbin/ifconfig br0 down
#
# Delete the bridge
#
/usr/sbin/brctl delbr br0
#
# bring up eth0 in "normal" mode
#
/sbin/ifup ${ETHX}
#start firewalls again
/sbin/service iptables start

Make sure that the tun device is installed.
#~> lsmod | grep tun

to manually start qemu:

#~>qemu-kvm -localtime -net nic1 -net user1 -hda /home/dave/Public/winxp.img -hdb /home/dave/Public/winxp_disk2.img -m 256 -usb -usbdevice tablet -daemonize


Thursday, April 10, 2008

Change the data directory in Redhat Linux Enterprise with selinux on

Today I had to change the data directory for a MySQL database in Redhat 5 Enterprise Edition with selinux set to enforcing mode. This was in a NEW INSTALL so there was no existing data. I stress this because this method is not a method one uses to RELOCATE existing data.

Here are the steps:
  1. Stop the database => service mysqld stop
  2. Edit /etc/my.cnf and change the datadir value to the desired location.
  3. Change the selinux user / role and type on the new location.
    1. chcon -u system_u -r (cantremember_r) -t mysqld_db_t /full/path/to/mysql/data/dir
  4. Change the owner:group on the datadir
    1. chown mysql:mysql /full/path/to/mysql/data/dir
  5. Change the file permissions on the datadir
    1. chmod 755 /full/path/to/mysql/data/dir
  6. Start the database => service mysqld start
    1. Hold thumbs... :)

UPDATE *** 2011-07-21 ***

Wednesday, April 9, 2008

joomla Abandoned...

Yes it's true. I have had to abandon the Joomla idea for the personal homepage. It turns out that I simply don't have enough space on my ISP Hosting account for it and for emails etc.

I am currently loading up a default install of modX. Find details about modX here: http://modxcms.com/

It's a relatively simple CMS System. It has a lot of the same features as Joomla so should be just fine for Tanja to help me keep it up to date.

Tuesday, April 8, 2008

Send a binary message using netcat on windows

Consider that you need to send an echo message to a service that expects the echo in a binary format. If a correctly formatted binary message is sent to the service it will respond with a correctly formatted response over the same connection.

I was tasked with this at work today and here is what I came up with.

I used JScript running under the Windows Scripting Host ( WSH ) to:
  1. create a WshShell object
  2. execute a WshShell.Exec to run a shell command on the host machine to use netcat to send the binary file and pipe the output into a receivedData.bin file.
  3. execute a WshShell.Exec to use the windows command line tool, "FC" to compare the received file with a known existing file.


//JScript - executed under the Windows Scripting Host ( cscript )
var WshShell = new ActiveXObject("WScript.Shell");

//The name of the file that was sent is missing from the original command ( only "<>" survived ),
//so requestFile is a placeholder: point it at the binary echo message to send.
var requestFile = "c:\\myScripts\\echoRequest.bin";
var oExec = WshShell.Exec( "%comspec% /c c:\\myScripts\\nc.exe 192.168.0.2 1234 < " + requestFile + " > c:\\myScripts\\recData.bin" );

//Keep checking for a valid status code ( 1 = finished ) and if found break out or break out after 10 seconds
var tryCount = 0;
while ( true ) {
    if( tryCount ++ > 10 || oExec.Status == 1 ) {
        break;
    } else {
        WScript.Sleep(1000);
    }
}

//Do the file compare
oExec = WshShell.Exec( "%comspec% /c fc /B c:\\myScripts\\correctEchoResponse.bin c:\\myScripts\\recData.bin" );

//Again - Wait 10 seconds or break if command complete
tryCount = 0;
while ( true ) {
    if( tryCount ++ > 10 || oExec.Status == 1 ) {
        break;
    } else {
        WScript.Sleep(1000);
    }
}

//Check the exit code and report results.
//fc exits with 0 when the files are identical and non-zero when they differ or a file is missing.
if( oExec.ExitCode != 0 ) {
    WScript.Echo( "FAILED MATCH" );
} else {
    WScript.Echo( "SUCCESSFUL MATCH" );
}


So that's it really. The script should work. ( This is written mostly from memory so it might need a bit of debugging but the concepts are there.)

More info: http://msdn2.microsoft.com/en-us/library/ateytk4a(VS.85).aspx

Sunday, April 6, 2008

Joomla Installation

I have installed Joomla successfully on my localhost ( Fedora 8 ) using the default php and mysql installations with the most recent patches installed. At one point I was asked for FTP information. I was unable to configure ftp for my localhost in the short time I allowed myself. No matter though because FTP is enabled by default on all webservers. The FTP options will not be a problem in my production setup.

At some point during the trial of any new software application the testing becomes production if testing takes too long. Testing has taken too long. Watch this space.

New Website

I am thinking of updating my personal home page and migrating the code sections from there to here. That way I can maintain a different focus on each website. It seems that the rest of my friends and family are not all that interested in new and exciting ways to back up data using bash. I will report my progress here.

The first CMS I will try for the personal home page is Joomla. It seems to have gained a lot of support and it's based on Mambo which I have used before.

CakePHP

I was asked to create a very simple application by a work colleague. The application was to maintain a list of members of the office Cake Club. The Cake Club is a group of people that buy / bake a cake on Friday to share with the rest of the members. This application needed an interface to add, edit and remove members of the club. It needed to send an email on Wednesday to the next person on the list for Friday. Then on Friday that person's date would need to be rolled over to the end of the list.

After much research I eventually decided on CakePHP as being the best framework to use. CakePHP allows the following benefits:
  1. Easy integration with CSS / XHTML templates
  2. Rapid development - Ruby on Rails style based on database tables that follow the correct conventions
  3. Boilerplate and custom data validation tools
  4. MVC design
  5. Loads of other tools and hooks that can be programmed in.
  6. A large and active user community for help and support.
The best place to learn about cake php is here: http://book.cakephp.org/